SOC Cybersecurity Analyst Night Shift

$65,000 - $117,500/Yr

Leidos - Alexandria, VA

posted about 1 month ago

Full-time - Entry Level
Alexandria, VA
Professional, Scientific, and Technical Services

About the position

The SOC Cybersecurity Analyst position at Leidos involves monitoring and responding to cybersecurity incidents within the DISA GSM-O program at the Pentagon. This role requires working the night shift and necessitates an active Secret clearance with the ability to obtain TS/SCI. The analyst will utilize various tools and techniques to identify and investigate potential security breaches, support senior personnel in incident reporting, and document findings in a case management system.

Responsibilities

  • Utilize alerts from endpoints, IDS/IPS, netflow, and custom sensors to identify compromises on customer networks/endpoints.
  • Perform junior- to intermediate-level review of massive log files, pivot between data sets, and correlate evidence for incident investigations.
  • Pass triaged alerts to senior-level SOC personnel and assist in identifying malicious actors on customer networks.
  • Document analysis, findings, and actions in a case/knowledge management system.
  • Support senior-level SOC personnel with the creation and distribution of incident reports to customers and higher headquarters.

Requirements

  • Must have an active DoD Secret security clearance or higher, and ability to obtain TS/SCI.
  • Must have DoD 8570 IAT II or higher certification (such as CompTIA Security+ CE, ISC2 SSCP, SANS GSEC, etc.) prior to starting.
  • Must have DoD 8570 CSSP-A certification (such as CEH, CySA+, GCIA, etc.) prior to starting.
  • Bachelor's degree and 2+ years of prior relevant experience; additional work experience or Cyber courses/certifications may be substituted in lieu of degree.
  • 1+ years of prior incident handling/response experience.
  • Experience working in a SOC environment is required.
  • CND experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization.
  • Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
  • Demonstrated sound understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
  • Strong analytical and troubleshooting skills.

Nice-to-haves

  • Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, Full Packet Capture), and other attack artifacts in support of incident investigations.
  • In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. ArcSight, Splunk, Nitro/McAfee Enterprise Security Manager, QRadar, LogLogic).
  • Experience and proficiency with any of the following: Anti-Virus, HIPS/HBSS, IDS/IPS, Full Packet Capture, Network Forensics.
  • Experience with malware analysis concepts and methods.
  • Unix/Linux command line experience.
  • Scripting and programming experience.
  • Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service